Signserver exception cryptoTokenOfflineException: Signtoken isn't active

432 views Asked by At

I am setting up workers for PDF signing and time stamping. I use PKCS #12 certificate generated from EJBCA. key is SHA256WithECDSA encryption is ECDSA prime256v1. After using this properties(https://pastebin.com/bkpNBvc1) for setting up I am getting this results:

20:45:45,531 INFO  [org.signserver.server.log.IWorkerLogger] (default task-1) AllVariablesLogger; CLIENT_IP: 127.0.0.1; XFORWARDEDFOR: null; XCUSTOM1: null; LOG_TIME: 1605991545531; CLIENT_AUTHORIZED: true; EXCEPTION: org.signserver.common.CryptoTokenOfflineException: Signtoken isn't active.; WORKER_AUTHTYPE: NOAUTH; WORKER_NAME: PDFSigner; KEYALIAS: signer00003; PROCESS_SUCCESS: false; WORKER_ID: 4; CRYPTOTOKEN: CryptoTokenP12PdfSigner; REQUEST_LENGTH: 252361; REQUEST_FULLURL: http://localhost/signserver/process?null; FILENAME: document.pdf; LOG_ID: a2c32acb-f5af-4b8f-9104-0ad942c379a3; REPLY_TIME:1605991545531

When I use enrollment code as keystore password it provides this result.

22:34:59,578 INFO  [org.signserver.server.log.IWorkerLogger] (default task-14) AllVariablesLogger; CLIENT_IP: 127.0.0.1; XFORWARDEDFOR: null; XCUSTOM1: null; LOG_TIME: 1605998099578; CLIENT_AUTHORIZED: true; EXCEPTION: org.signserver.common.CryptoTokenOfflineException: No key available for purpose: signer00003; WORKER_AUTHTYPE: NOAUTH; WORKER_NAME: PDFSigner; KEYALIAS: signer00003; PROCESS_SUCCESS: false; WORKER_ID: 4; CRYPTOTOKEN: CryptoTokenP12PdfSigner; REQUEST_LENGTH: 252361; REQUEST_FULLURL: http://localhost/signserver/process?null; FILENAME: document.pdf; LOG_ID: 60961c2a-d005-4f19-a7bf-d74bb30c0448; REPLY_TIME:1605998099578

Any suggestions

OS version: Windows Server 2016
Java: OpenJDK 8.0.242.08 Ant: ant 1.9.14
Database: MariaDB 10.4.12
Server: Wildfly 10.1.0
Signserver Version: 5.2.0

Token is activated and and have auto-activation feature enter image description here

1

There are 1 answers

14
primetomas On

Since you did not enable auto-activation of the crypto token. Did you enable the crypto token and worker before sending a signing request?